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VM 


Vulnerability Management 


Continuously detect and protect against attacks, 


anytime, anywhere. 


Qualys VM is a cloud-based service that 
gives you immediate, global visibility into 
where your IT systems might be vulnerable 
to the latest Internet threats and how to 
protect them. It helps you to continuously 
identify threats and monitor unexpected 
changes in your network before they turn 
into breaches. 

Built on the world’s leading cloud-based security and 

compliance platform, Qualys VM frees you from the substantial 
cost, resource and deployment issues associated with 

traditional software products. Known for its fast deployment, 
unparalleled accuracy and scalability, as well as its rich 


integration with other enterprise systems, Qualys VM is relied 
upon by thousands of organizations throughout the world. 


© Qualys 


Vulnerability Scorecard Report 
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Results 


Vulnerability Distribution by Severity Level Vulnerability Distribution by Type 


Sim, 


m Level5 37,210 65% 
Mlevel4 58,268 38% 
Mlevel3 47,317 21% 
MlLevel2 17,768 18% 
MLevel1 2,413 5% 
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Severities by Levels Vulnerability Type jeni 
r 


Title Hosts Level5 Level4 Level3 Level2 Level1 Confirmed Potential IG Total %o 


Vulnerability Status 
New Active Fixed Ret 


The subnet 73 1783 1880 1783 1783 1783 7986 777 777 112 89% 80 80 80 
RSA Demo 28 1125 1282 1125 1125 1125 5289 203 203 


Windows Systems 10 844 92 844 844 844 3076 56 56 


AIX 5&6 (Chiharu) 1 0 0 0 0 0 257 15 15 


Empty 1 0 0 0 0 0 11 2 2 1 0 80 80 80 


Key Features 


Agent-based detection 


In addition to our scanners, VM also works with the groundbreaking 
Qualys Cloud Agents, extending its network coverage to assets that 
can’t be scanned. The lightweight, all-purpose, self-updating agents 
reside on the assets they monitor— no scan windows, credentials, or 
firewall changes needed. Vulnerabilities are found faster, and network 


impact is minimal. 


Comprehensive coverage and visibility 


Qualys VM continuously scans and identifies vulnerabilities with Six 
Sigma (99.99966%) accuracy, protecting your IT assets on premises, in 
the cloud and mobile endpoints. Its executive dashboard displays an 
overview of your security posture and access to remediation details. 
VM generates custom, role-based reports for multiple stakeholders, 


including automatic security documentation for compliance auditors. 


Constant monitoring and alerts 


When VM is paired with Continuous Monitoring (CM), InfoSec teams 
are proactively alerted about potential threats so problems can be 
tackled before turning into breaches. You can tailor alerts and be 
notified about general changes or specific circumstances. CM gives 
you a hacker’s-eye view of your perimeter, acting as your cloud 
sentinel. 


VM for the perimeter-less world 


As enterprises adopt cloud computing, mobility, and other disruptive 
technologies for digital transformation, Qualys VM offers next- 
generation vulnerability management for these hybrid IT 
environments whose traditional boundaries have been blurred. With 
its fast deployment, low TCO, unparalleled accuracy, robust 
scalability, and extensibility, Qualys VM is relied upon by thousands 
of organizations throughout the world. 


Qualys VM is the Industry’s most advanced, scalable 
and extensible solution for continuous vulnerability 
management and compliance. Its capabilities are 
powered by the Qualys Cloud Platform. 


Benefits 
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Leadership Award 


Continuous, comprehensive protection 


CS © Continuously monitors your environment, and “Qualys continues to lead the market 


flags traffic anomalies and compromise indicators : : 
with new network coverage and security 


solutions that leverage its cloud-based 
O Accurate, prioritized results kad 
platform for scalability, automation, and 
Features a powerful data analysis, correlation and 


l l ease of use.” 
reporting engine 


Lower and more predictable TCO 


© No capital expenditures, extra human resources or 
infrastructure or software to deploy and manage. 


Detailed Features 


Visually map your network with our graphical host map 


Discover forgotten devices and organize 
your host assets 


Prioritize your remediation by assigning a business impact to each 


asset 
With Qualys, you can quickly determine what’s actually running in 


corporate network to virtualized machines and cloud services such as GEVICS Ont YOUr NENON 
Amazon EC2. Uncover unexpected access points, web servers and Organize hosts to match the structure of your business—e.g., by 


other devices that can leave your network open to attack. location, region, and company department 


Control which hosts can be scanned by which users 


Continuously monitor your perimeter for unexpected changes with 
our optional Continuous Monitoring service 
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Dynamically tag assets to automatically categorize hosts by 
attributes like network address, open ports, OS, software installed, 
and vulnerabilities found 


Scan for vulnerabilities 
everywhere, accurately and 
efficiently 


Scan systems anywhere from the same console: 
your perimeter, your internal network, and cloud 
environments (such as Amazon EC2). Since Qualys 
separates scanning from reporting, you can scan 
deeply and then create custom reports showing 
each audience just the level of detail it needs to 
see. 


Select target hosts by IP address, asset group or 
asset tag 


Scan manually, on a schedule, or continuously 


Scan behind your firewall securely with Scanner 
Appliances, remotely managed by Qualys 24/7/365 


Scan complex internal networks, even with 
overlapping private IP address spaces 


Securely use authentication credentials to log in to 
each host, database or web server 


Scan in Amazon EC2 without filling out request 
forms—Qualys is pre-approved 


Save time with our Six Sigma accuracy rate—no 
more chasing after false positives 
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Store configuration information offsite with secure 
audit trails 


Custom reports anytime, 
anywhere — without rescanning 


Qualys’ ability to track vulnerability data across 
hosts and time lets you use reports interactively to 
better understand the security of your network. Use 
a library of built-in reports, change what’s shown 
or choose different sets of assets — all without 
having to rescan. Reports can be generated on 
demand or scheduled automatically and then 
shared with the appropriate recipients online, in 
PDF or CSV. 


© Create different reports for different audiences— 
from scorecards for executives, to detailed drill- 
downs for IT teams 


Document that policies are followed & lapses get 
fixed 


Provide context & insight about each vulnerability, 
including trends, predictions, and potential 
solutions 


© Track ongoing progress against vulnerability 
management objectives 


Share up-to-the-minute data with GRC systems & 
other enterprise applications via XML-based APIs 


Identify and prioritize risks 


Using Qualys, you can identify the highest business 
risks using trend analysis, Zero-Day and Patch 
impact predictions. 


Track vulnerabilities over time: as they appear, are 
fixed, or reappear 


© Monitor certificates deployed throughout your 
network—see what’s about to expire, which hosts 
they are used on, what their key size is, and 
whether or not they are associated with any 
vulnerabilities 


g Put critical issues into context with the Qualys’ 
industry-leading, constantly updated 
KnowledgeBase 


© See which hosts need updates after Patch Tuesday 
every month 


© Examine your network’s vulnerabilities over time, at 
different levels of detail, instead of just single 
snapshots 


© Predict which hosts are at risk for Zero-Day 
Attacks with the optional Qualys Zero-Day Risk 
Analyzer 
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Vulnerability Management v 


Dashboard Scans Reports Remediation 


Schedules 


*= Scans Scans Maps 


Get Started Tutorials: Scans 


Appliances 


Remediate vulnerabilities 


Qualys’ ability to track vulnerability data across 
hosts and time lets you use reports interactively to 
better understand the security of your network. Use 
a library of built-in reports, change what’s shown 
or choose different sets of assets — all without 
having to rescan. Reports can be generated on 
demand or scheduled automatically and then 
shared with the appropriate recipients online, in 
PDF or CSV. 


© Automatically generate and assign remediation 
tickets whenever vulnerabilities are found 


Get consolidated reports of which hosts need 
which patches 


Integrate with third-party IT ticketing systems 


Manage exceptions when a vulnerability might be 
riskier to fix than to leave alone 


Exceptions can be set to automatically expire after 
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a period of time for later review 
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Option Profiles Authentication Search Lists Setup 


O Do not show tut 


This is where you can manage your vulnerability scans and your scan configurations. 


Launch new vulnerability scans, monitor the status of running scans and view the details 
of vulnerabilities discovered after scans complete. 


© Manage Vulnerability Scans 


Watch demo Ch 


etc.) in a map. 
Watch demo 9 


Customize the various scanning options required to run a scan. These can be saved as 
profiles for reuse. A default profile is provided for common environments. 


E) Configure Scan Settings 


4 Watch demo (i 


Configure Search Lists 


=——s Apply custom lists of vulnerabilities to scan profiles in order to limit scanning to certain 
=% vulnerabilities only. 


Manage Discovery Scans 


Use free discovery scans (maps) to discover live devices on your network. Discovered 
devices can be selected for vulnerability scanning based on the info gathered (OS, ports, 


Configure Scan Schedules 


Watch demo Cy 


Configure Scanner Appliances 


zn 
E; Scanner Appliances (physical or virtual) are required to scan devices on internal 


Set Up Host Authentication 


Watch demo (hy 


Configure scans to run automatically, or on a recurring basis and monitor results of 
scans. 


networks. Managers can download appliances and configure them for scanning. 


Use the authentication feature (Windows, Linux, Oracle, etc) to discover and validat 
vulnerabilities by performing an in-depth assessment of your hosts. 


Powered by the Qualys Cloud Platform 
- the revolutionary architecture that powers 
Qualys’ IT security and compliance cloud apps 


Sensors that provide continous visiblity Respond to threats immediately 
On-premises, at endpoints or in the cloud, the Qualys Cloud With Qualys’ Cloud Agent technology, there’s no need to 
Platform sensors are always on, giving you continuous 2-second schedule scan windows or manage credentials for scanning. 
visibility of all your IT assets. Remotely deployable, centrally And Qualys Continuous Monitoring service lets you proactively 
managed and self-updating, the sensors come as physical or address potential threats whenever new vulnerabilities appear, 
virtual appliances, or lightweight agents. with real-time alerts to notify you immediately. 

All data analyzed in real time See the results in one place, 


anytime, anywhere 


Qualys Cloud Platform provides an end-to-end solution, allowing 


pM Ale isle cols cfahele a E a oahu e Qualys Cloud Platform is accessible directly in the browser, no 


ao e e e ie OE EMELINE. 9 plugins necessary. With an intuitive, single-pane-of-glass user 


ie y eea E a CE yaa @ oe ey ea ot e leis interface for all its apps, it lets you customize dashboards, drill down 


in a scalable, state-of-the-art backend, and provisioning additional into details, and generate reports for teammates and auditors. 


cloud apps is as easy as checking a box. 


Cloud Platform Apps 


Qualys apps are fully integrated and natively share the data they collect for real-time 
analysis and correlation. Provisioning another app is as easy as checking a box. 


ASSET MANAGEMENT IT SECURITY WEB APP SECURITY COMPLIANCE MONITORING 


Asset Inventory Vulnerability Management Web App Scanning Policy Compliance 


CMDB Sync Threat Protection Web App Firewall Pci) PCI Compliance 


Continuous Monitoring File Integrity Monitoring 


Indication of Compromise Security Configuration 


Assessment 
Container Security 
Cloud Security Assessment 


Security Assessment 
Questionnaire 


Qualys is easy to implement, easy to use, fully scalable - 
and require NO infrastructure or software to maintain. 
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